Extracted

• • Target

    f480c4c267b19e122e2a8538b874e36d_JaffaCakes118

  • Size

    329KB

  • MD5

    f480c4c267b19e122e2a8538b874e36d

  • SHA1

    fb0bc1a4100646812cb4fd98bb9eed597bb30742

  • SHA256

    8c916ed8a94497730292e458d978e791feb7d13153629b659ac635d393c47463

  • SHA512

    6965a0b6f88ea49a06f46b6ae28091ca71e21426b9e80a9b60b550c70d42534ff7a4534e7b735c63b974b2baae6679b5856cfd632c4ad9fc2800ea3cb510cdea

  • SSDEEP

    6144:N8yvuEffTrVKi7DIdJK6f89HQBPftMBH5rpDSYkoKW5hhaYpZ2dX+GKT:j/ffnv7DuKn9HgN6HdhkW5yzbK

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2